chore(deps): merge go-dep-parser into Trivy #6094
Transfer repository
* test(cargo): to lower
* test(cargo): to lower
* Initial NuGet parser files, implemented test cases for three package sources. Signed-off-by: Johannes Tegnér <johannes@jitesoft.com>
* Implemented parser, updated testcase to remove duplicated entries. Signed-off-by: Johannes Tegnér <johannes@jitesoft.com>
* test(nuget): Added a test for multiple versions of the same package. Signed-off-by: Johannes Tegnér <johannes@jitesoft.com>
* Cleanup of nuget parser (removal of comments which are not really needed). Signed-off-by: Johannes Tegnér <johannes@jitesoft.com>
* Removed JSON mapping from nuget dependency struct (not needed as it's a read not write operation). Signed-off-by: Johannes Tegnér <johannes@jitesoft.com>
* Added a test for legacy nuget packages (x.x.x.x - not semver versions). Signed-off-by: Johannes Tegnér <johannes@jitesoft.com>
* Replaced old nuget test-files with new, generated from netcore image (added comments on generation steps). Signed-off-by: Johannes Tegnér <johannes@jitesoft.com>
* Fixed nuget parsing algorithm to work the same way nuget works internally with package resolving. Signed-off-by: Johannes Tegnér <johannes@jitesoft.com>
* Changed name of 'Dependencies' to 'Targets' in LockFile struct for nuget parser. Signed-off-by: Johannes Tegnér <johannes@jitesoft.com>
* Wrapped error in nuget parser with xerrors. Signed-off-by: Johannes Tegnér <johannes@jitesoft.com>
* Updated nuget testdata for legacy packages and removed second loop for sub-packages, as they are added in top-level as Transitive type. Signed-off-by: Johannes Tegnér <johannes@jitesoft.com>
* Replaced the complex file with an even more complex file (multi target!), updated parse to again use version. Signed-off-by: Johannes Tegnér <johannes@jitesoft.com>
* refactor(nuget): simplify

Co-authored-by: knqyf263 <knqyf263@gmail.com>
* feat: support jar/war/ear
* feat(jar): support sha1 search
* fix: do not return when MANIFEST.INF is invalid
* feat: add log package
* feat: search by artifactId
* refactor: add runtime scope
* feat: support multiple pom.properties
* test: add test jar
* fix: use fileProps
* fix: replace '+' with ' '
* fix: return when artifactId or version are empty
* refactor(jar): add a debug message
* fix(log): use zap.SugaredLogger
* add support for go.sum (go-dep-parser#20)
* modify test cases
* keep pseudo version
* rewrite test with testify
* simplify semver parsing
* wrap errors
* go mod tidy
* make parser compatible with yaml2
* Fix linting
…rser#28)
* feat(JarParse) return errors other than no artifact found error
* feat(JarParse) fix review: return error by search sha1 network error
* fix(JarParse) change error message
…-parser#27) Signed-off-by: Arunprasad Rajkumar <arajkuma@redhat.com>
* feat: use retryablehttp
* feat: configure logger
* feat(jar): increase retry wait
* fix(jar): skip variables
* test(jar): fix
* feat: accept only 200 ok
* feat(jar): suppress log messages
* changing base url to https
* changing base url to https

Co-authored-by: Sherif Fathalla <sfathall@akamai.com>
Co-authored-by: sherif <sherif.mailbox@gmail.com>
Co-authored-by: Ankush K <akhobragade@gmail.com>
Co-authored-by: Ankush K <akhobragade42@gmail.com>
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
…ep-parser#40) Co-authored-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
Signed-off-by: knqyf263 <knqyf263@gmail.com>
a0a0b49 to d947dfb
Signed-off-by: knqyf263 <knqyf263@gmail.com>
d947dfb to 5ca4652
Signed-off-by: knqyf263 <knqyf263@gmail.com>
lgtm
LGTM.
Left some small comments.
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Signed-off-by: knqyf263 <knqyf263@gmail.com>
LGTM
Signed-off-by: knqyf263 <knqyf263@gmail.com>
I was supposed to keep git history, but the Trivy project allows only "squash and merge". I accidentally lost history of go-dep-parser😭
Description
Merge go-dep-parser into Trivy
Issues
Checklist